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Abstract 


This document specifies an extension to the base Application-Layer Traffic Optimization (ALTO) 
Protocol that generalizes the concept of "endpoint properties", which have been tied to IP 
addresses so far, to entities defined by a wide set of objects. Further, these properties are 
presented as maps, similar to the network and cost maps in the base ALTO Protocol. While 
supporting the endpoints and related Endpoint Property Service defined in RFC 7285, the ALTO 
Protocol is extended in two major directions. First, from endpoints restricted to IP addresses to 
entities covering a wider and extensible set of objects; second, from properties for specific 
endpoints to entire entity property maps. These extensions introduce additional features that 
allow entities and property values to be specific to a given information resource. This is made 
possible by a generic and flexible design of entity and property types. 


Status of This Memo 


This is an Internet Standards Track document. 


This document is a product of the Internet Engineering Task Force (IETF). It represents the 
consensus of the IETF community. It has received public review and has been approved for 
publication by the Internet Engineering Steering Group (IESG). Further information on Internet 
Standards is available in Section 2 of RFC 7841. 


Information about the current status of this document, any errata, and howto provide feedback 
on it may be obtained at https://www.rfc-editor.org/info/rfc9240. 
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1. Introduction 


The ALTO Protocol [RFC7285] introduces the concept of "properties" attached to "endpoint 
addresses". It also defines the Endpoint Property Service (EPS) to allow ALTO clients to retrieve 
those properties. While useful, the EPS as defined in [RFC7285] has at least three limitations, which 
are elaborated here. 


First, the EPS allows properties to be associated only with endpoints that are identified by 
individual communication addresses like IPv4 and IPv6 addresses. It is reasonable to think that 
collections of endpoints identified by Provider-Defined Identifiers (PIDs) may also have 
properties. Furthermore, recent ALTO use cases show that properties of entities such as Abstract 
Network Elements as defined in [PATH-VECTOR] are also useful. However, the current EPS is 
restricted to individual endpoints and cannot be applied to those entities. 


Second, the EPS only allows endpoints identified by global communication addresses. However, 
an endpoint address may be a local IP address or an anycast IP address that may not be globally 
unique. Additionally, an entity suchas a PID may have an identifier that is not globally unique. 
That is, the same PID may be used in multiple network maps, while in each network map, this PID 
points to a different set of addresses. 


Third, in Section 11.4 of [RFC7285], the EPS is only defined as a POST-mode service. ALTO clients 
must request the properties for an explicit set of endpoint addresses. By contrast, Section 11.2.3 of 
[RFC7285] defines a GET-mode cost map resource that returns all available costs, so an ALTO 
Client can retrieve a full set of costs once and then process cost lookups without querying the 
ALTO server. [RFC7285] does not define a similar service for endpoint properties. At first, a map of 
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endpoint properties might seem impractical because it could require enumerating the property 
value for every possible endpoint. In particular, the number of endpoint addresses involved by 
an ALTO server can be quite large. To avoid enumerating a large number of endpoint addresses 
inefficiently, the ALTO server might define properties for a sufficiently large subset of endpoints 
and then use an aggregation representation to reference endpoints in order to allow efficient 
enumeration. This is particularly true if blocks of endpoint addresses with a common prefix have 
the same value for a property. Entities in other domains may very well allow aggregated 
representation and hence be enumerable as well. 


To address these three limitations, this document specifies an ALTO Protocol extension for 
defining and retrieving ALTO properties: 


e The first limitation is addressed by introducing a generic concept called ALTO entity, which 
generalizes an endpoint and may represent a PID, a network element, a cell in a cellular 
network, an Abstract Network Element [PATH-VECTOR], or other physical or logical objects 
involved in a network topology. Each entity is included in a collection called an ALTO entity 
domain. Since each ALTO entity domain includes only one type of entity, each entity domain 
can be classified by the type of enclosed entities. 


e The second limitation is addressed by using resource-specific entity domains. A resource- 
specific entity domain contains entities that are defined and identified with respect to a 
given ALTO information resource, which provides scoping. For example, an entity domain 
containing PIDs is identified with respect to the network map in which these PIDs are defined. 
Likewise, an entity domain containing local IP addresses may be defined with respect toa 
local network map. 


e The third limitation is addressed by defining two new types of ALTO information resources: 
property map (Section 7) and filtered property map (Section 8). The former is a resource that 
is requested using the HTTP GET method, returns the property values for all entities in one or 
more entity domains, and is analogous to a network map ora cost map in Section 11.2 of 
[RFC7285]. The latter is a resource that is requested using the HTTP POST method, returns the 
values for sets of properties and entities requested by the client, and is analogous to a filtered 
network map or a filtered cost map. 


The entity property maps extension described in this document introduces a number of features 
that are summarized in Appendix A, where Table 11 lists the features and references the sections 
in this document that give their high-level and their normative descriptions. 


The protocol extension defined in this document can be augmented. New entity domain types 
can be defined without revising the present specification. Similarly, new cost metrics and new 
endpoint properties can be defined in other documents without revising the protocol 
specification defined in [RFC7285]. 


1.1. Terminology and Notation 


This document uses the following terms and abbreviations that will be further defined in the 
document. While this document introduces the feature "entity property map", it will use both the 
term "property map" and "entity property map" to refer to this feature. 
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Transaction: Arequest/response exchange between an ALTO client and an ALTO server. 


Client: When used witha capital "C", this term refers to an ALTO client. Note that expressions 
"ALTO client", "ALTO Client", and "Client" are equivalent. 


Server: When used witha capital "S", this term refers to an ALTO server. Note that expressions 
"ALTO server", "ALTO Server", and "Server" are equivalent. 


EPS: An abbreviation for Endpoint Property Service. 


This document uses the notation defined in Section 8.2 of [RFC7285]. 


2. Requirements Language 


The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", 
"RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be 
interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all 
capitals, as shown here. 


3. Basic Features of the Entity Property Map Extension 


This section gives a high-level overview of the basic features involved in ALTO entity property 
maps. It assumes the reader is familiar with the ALTO Protocol [RFC7285]. The purpose of this 
extension is to convey properties for objects that extend ALTO endpoints and are called ALTO 
Entities, or entities for short. 


The features introduced in this section can be used standalone. However, in some cases, these 
features may depend on particular information resources and need to be defined with respect to 
them. To this end, Section 4 introduces additional features that extend the ones presented in this 
section. 


3.1. Entity 


The concept of an ALTO entity generalizes the concept of an ALTO endpoint defined in Section 2.1 
of [RFC7285]. An entity is an object that can be an endpoint defined by its network address, but it 
can also be an object that has a defined mapping to a set of one or more network addresses or an 
object that is not even related to any network address. Thus, whereas all endpoints are entities, 
not all entities are endpoints. 


Examples of entities are: 


e an ALTO endpoint that represents an application or a host identified by a communication 
address (e.g., an IPv4 or IPv6 address) in a network, 


e a PID, defined in [RFC7285], that has a provider-defined, human-readable identifier specified 
by an ALTO network map, which maps a PID to a set of IPv4 and IPv6 addresses, 


e an Autonomous System (AS) that has an AS number (ASN) as its identifier and maps to a set 
of IPv4 and IPv6 addresses, which is defined in [RFC9241], 
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e a country witha code specified in [ISO3166-1] to which applications such as content delivery 
network (CDN) providers associate properties and capabilities, which is defined in [RFC9241], 


e a TCP or UDP network flow that is identified by a 5-tuple specifying its source and destination 
addresses and port numbers, and the IP protocol (TCP or UDP), 


e a routing element, as specified in [RFC7921], that is associated with routing capabilities 
information, or 


e an Abstract Network Element, as specified in [PATH-VECTOR], that represents an abstraction 
of a network part such as a router, one or more links, a network domain, or their aggregation. 


Some of the example entities listed above have already been documented as ALTO entities. The 
other examples are provided for illustration as potential entities. 


3.2. Entity Domain 


An entity domain defines a set of entities of the same semantic type. An entity domain is 
characterized by a type and identified by a name. 


In this document, an entity is owned by exactly one entity domain name. An entity identifier 
points to exactly one entity. If two entities in two different entity domains refer to the same 
physical or logical object, they are treated as different entities. For example, if an end host has 
both an IPv4 and an IPv6 address, these two addresses will be treated as two entities, defined 
respectively in the "ipv4" and "ipv6" entity domains. 


3.2.1. Entity Domain Type 


The entity domain type defines the semantics of the type of entity found in an entity domain. 
Entity domain types can be defined in different documents. For example: the present document 
defines entity domain types "ipv4" and "ipv6" in Section 6.1 and "pid" in Section 6.2. The entity 
domain type "ane", which defines Abstract Network Elements (ANEs), is introduced in [PATH- 
VECTOR]. The "countrycode" entity domain type that defines country codes is introduced in 
[RFC9241]. An entity domain type MUST be registered with IANA, as specified in Section 12.3.2. 


3.2.2. Entity Domain Name 


In this document, the identifier of an entity domain is mostly called "entity domain name". The 
identifier of an entity domain is scoped to an ALTO server. An entity domain identifier can 
sometimes be identical to the identifier of its relevant entity domain type. This is the case when 
the entities of a domain have an identifier that points to the same object throughout all the 
information resources of the Server that are providing entity properties for this domain. For 
example, a domain of type "ipv4" containing entities that are identified by a public IPv4 address 
can be named "ipv4" because its entities are uniquely identified by all the Server resources. 


In some cases, the name of an entity domain cannot be simply its entity domain type. Indeed, for 
some domain types, entities are defined relative to a given information resource. This is the case 
for entities of domain type "pid". A PID is defined relative to a network map. For example, an 
entity "mypid10" of domain type "pid" may be defined in a given network map and be undefined 
in other network maps. The entity "mypid10" may even be defined in two different network maps, 
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and it may map in each of these network maps to a different set of endpoint addresses. In this 
case, naming an entity domain only by its type "pid" does not guarantee that its set of entities is 
owned by exactly one entity domain. 


Sections 4.2 and 5.1.2 describe how a domain is uniquely identified across the ALTO server by a 
name that associates the domain type and the related information resource. 


3.3. Entity Property Type 


An entity property defines a property of an entity. This is similar to the endpoint property defined 
in Section 7.1 of [RFC7285]. An entity property can convey either network-aware or network- 
agnostic information. Similar to an entity domain, an entity property is characterized by a type 
and identified by a name. An entity property type MUST be registered with IANA, as specified in 
Section 12.4. 


Below are listed some examples with real and fictitious entity domain and property names: 


e an entity in the "ipv4" domain type may have a property whose value is an Autonomous 
System (AS) number indicating the AS to which this IPv4 address belongs and another 
property named "countrycode" indicating a country code mapping to this address, 


e an entity identified by its country code in the entity domain type "countrycode", defined in 
[RFC9241], may have a property indicating what delivery protocol is used by a CDN, or 

e an entity in the "netmap1.pid" domain may have a property that indicates the central 
geographical location of the endpoints it includes. 


It should be noted that some identifiers may be used for both an entity domain type anda 
property type. For example: 


e the identifier "countrycode" may point to both the entity domain type "countrycode" and the 
fictitious property type "countrycode". 
e the identifier "pid" may point to both the entity domain type "pid" and the property type "pid". 


Likewise, the same identifier may point to both a domain name anda property name. For 
example: the identifier "netmap10.pid" may point to either the domain defined by the PIDs of 
network map "netmap10" or to a property that returns, for an entity defined by its IPv4 address, 
the PID of "netmap10" that contains this entity. Such cases are further explained in Section 4. 


3.4. New Information Resource and Media Type: ALTO Property Map 


This document introduces a new ALTO information resource named property map. An ALTO 
property map provides a set of properties for one or more sets of entities. A property may apply 
to different entity domain types and names. For example, an ALTO property map may define the 
"ASN" property for both "ipv4" and "ipv6" entity domains. 


The present extension also introduces a new media type. 
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This document uses the same definition of an information resource as Section 9.1 of [RFC7285]. 
ALTO uses media types to uniquely indicate the data format used to encode the content to be 
transmitted between an ALTO server and an ALTO client in the HTTP entity body. In the present 
case, an ALTO property map resource is defined by the media type "application/alto- 
propmapt+json". 


A property map can be queried as a GET-mode resource, thus conveying all properties for all 
entities indicated in its capabilities. It can also be queried as a POST-mode resource, thus 
conveying a selection of properties for a selection of entities. 


4. Advanced Features of the Entity Property Map Extension 


This section gives a high-level overview of the advanced features involved in ALTO entity 
property maps. Most of these features extend the features defined in Section 3. 


4.1. Entity Identifier and Entity Domain Name 


In [RFC7285], an endpoint has an identifier that is explicitly associated with the "ipv4" or "ipv6" 
address domain. Examples are "ipv4:192.0.2.14" and "ipv6:2001:db8::12". 


In this document, example IPv4 and IPv6 addresses and prefixes are taken from the address 
ranges reserved for documentation by [RFC5737] and [RFC3849]. 


In this document, an entity must be owned by exactly one entity domain name, and an entity 
identifier must point to exactly one entity. To ensure this, an entity identifier is explicitly attached 
to the name of its entity domain, and an entity domain type characterizes the semantics and 
identifier format of its entities. 


The encoding format of an entity identifier is further specified in Section 5.1.3 of this document. 
For instance: 


e if an entity is an endpoint with IPv4 address "192.0.2.14", its identifier is associated with entity 
domain name "ipv4" and is "ipv4:192.0.2.14"; 


e if an entity isa PID named "mypidi0" in network map resource "netmap2", its identifier is 
associated with entity domain name "netmap2.pid" and is "netmap2.pid:mypid10". 


4.2. Resource-Specific Entity Domain Name 


Some entities are defined and identified uniquely and globally in the context of an ALTO server. 
This is the case, for instance, when entities are endpoints that are identified by a reachable IPv4 
or IPv6 address. The entity domain for such entities can be globally defined and named "ipv4" or 
"ipv6". Those entity domains are called resource-agnostic entity domains in this document, as 
they are not associated with any specific ALTO information resources. 


Some other entities and entity types are only defined relative to a given information resource. 
This is the case for entities of domain type "pid", which can only be understood with respect to the 
network map where they are defined. For example, a PID named "mypid10" may be defined to 
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represent a set S1 of IP addresses in a network map resource named "netmap1". Another network 
map "netmap2" may use the same name "mypid10" and define it to represent another set S2 of IP 
addresses. The identifier "pid:mypid10" may thus point to different objects because the 
information on the originating information resource is lost. 


To solve this ambiguity, the present extension introduces the concept of resource-specific entity 
domain. This concept applies to domain types where entities are defined relative to a given 
information resource. It can also apply to entity domains that are defined locally, such as local 
networks of objects identified with a local IPv4 address. 


In such cases, an entity domain type is explicitly associated with an identifier of the information 
resource where these entities are defined. Such an information resource is referred to as the 
"specific information resource". Using a resource-aware entity domain name, an ALTO property 
map can unambiguously identify distinct entity domains of the same type, on which entity 
properties may be queried. Examples of resource-specific entity domain names may look like 
"netmap1.pid" or "netmap2.pid". Thus, a name association such as "netmap1.pid:mypid10" and 
"netmap2.pid:mypid10" distinguishes the two abovementioned PIDs that are both named 
"mypid10" but in two different resources, "netmap1" and "netmap2". 


An information resource is defined in the scope of an ALTO Server and so is an entity domain 
name. The format of a resource-specific entity domain name is further specified in Section 5.1.2. 


4.3. Resource-Specific Entity Property Value 


Like entity domains, some types of properties are defined relative to an information resource. 
That is, an entity may have a property of a given type whose values are associated with different 
information resources. 


For example, suppose entity "192.0.2.34" defined in the "ipv4" domain has a property of type "pid" 
whose value is the PID to which address "192.0.2.34" is attached in a network map. The mapping of 
network addresses to PIDs is specific to a network map and probably different from one network 
map resource to another one. Thus, if a property "pid" is defined for entity "192.0.2.34" in two 
different network maps "netmap1" and "netmap2", the value for this property can be a different 
value in "netmap1" and "netmap2". 


To support information-resource-dependent property values, this document uses the same 
approach as in Section 10.8.1 (""Resource-Specific Endpoint Properties") of [RFC7285]. When a 
property value depends on a given information resource, the name of this property MUST be 
explicitly associated with the information resource that defines it. 


For example, the property "pid" queried on entity "ipv4:192.0.2.34" and defined in both "netmap1" 
and "netmap2" can be named "netmap1.pid" and "netmap2.pid". This allows a Client to get a 
property of the same type but defined in different information resources with a single query. 
Specifications for the property name format are provided in Section 5.2. 
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4.4. Entity Hierarchy and Property Inheritance 


For some domain types, there is an underlying structure that allows entities to be efficiently 
grouped into a set and be defined by the identifier of this set. This is the case for domain types 
"ipv4" and "ipv6", where individual Internet addresses can be grouped in blocks. When the same 
property value applies to a whole set, a Server can define a property for the identifier of this set 
instead of enumerating all the entities and their properties. This allows a substantial reduction of 
transmission payload both for the Server and the Client. For example, all the entities included in 
the set defined by the address block "ipv6:2001:db8::1/64" share the same properties and values 
defined for this block. 


Additionally, entity sets sometimes are related by inclusion, hierarchy, or other relations. This 
allows defining inheritance rules for entity properties that propagate properties among related 
entity sets. The Server and the Client can use these inheritance rules for further payload savings. 
Entity hierarchy and property inheritance rules are specified in the documents that define the 
applicable domain types. The present document defines these rules for the "ipv4" and "ipv6" 
domain types. 


For applicable domain types, this document introduces entity property inheritance rules with the 
following concepts: entity hierarchy, property inheritance, and property value unicity. A detailed 
specification of entity hierarchy and property inheritance rules is provided in Section 5.1.4. 


4.4.1. Entity Hierarchy 


An entity domain may allow the use of a single identifier to identify a set of related individual 
entities. For example, a Classless Inter-Domain Routing (CIDR) block can be used to identify a set 
of IPv4 or IPV6 entities. A CIDR block is called a hierarchical entity identifier, as it can reflect 
inclusion relations among entity sets. That is, in an entity hierarchy, "supersets" are defined at 
upper levels and include "subsets" defined at lower levels. For example, the CIDR "ipv4:192.0.1.0/24" 
includes all the individual IPv4 entities identified by the CIDR "ipv4:192.0.1.0/26". This document 
will sometimes use the term "hierarchical address" to refer to a hierarchical entity identifier. 


4.4.2. Property Inheritance 


A property may be defined for a hierarchical entity identifier, while it may be undefined for 
individual entities covered by this identifier. In this case, these individual entities inherit the 
property value defined for the identifier that covers them. For example, suppose a property map 
defines a property P for which it assigns value V1 only for the hierarchical entity identifier 
"ipv4:192.0.1.0/24" but not for individual entities in this block. Suppose also that inheritance rules 
are specified for CIDR blocks in the "ipv4" domain type. When receiving this property map, a 
Client can infer that entity "ipv4:192.0.1.1" inherits the property value V1 of block 
"jpv4:192.0.1.0/24" because the address "ipv4:192.0.1.1" is included in the CIDR block 
"jpv4:192.0.1.0/24". 


Property value inheritance rules also apply among entity sets. A property map may define values 
for an entity set belonging to a hierarchy but not for "subsets" that are covered by this set 
identifier. In this case, inheritance rules must specify how entities in "subsets" inherit property 
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values from their "superset". For instance, suppose a property P is defined only for the entity set 
defined by address block "ipv4:192.0.1.0/24". We know that entity set "ipv4:192.0.1.0/30" is included 
in "ipv4:192.0.1.0/24". Therefore, the entities of "ipv4:192.0.1.0/30" may inherit the value of property 
P from set "ipv4:192.0.1.0/24" if an inheritance rule from "ipv4" CIDR blocks to included "ipv4" CIDR 
blocks is specified. 


4.4.3. Property Value Unicity 


The inheritance rules must ensure that an entity belonging to a hierarchical set of entities inherits 
no more than one property value, for the sake of consistency. Indeed, a property map may define 
a property for a hierarchy of entity sets that inherits property values from one or more supersets 
(located at upper levels). On the other hand, a property value defined for a subset (located at a 
lower level) may be different from the value defined for a superset. In sucha case, subsets may 
potentially end up with different property values. This may be the case for address blocks with 
increasing prefix length, on which a property value becomes increasingly accurate and thus may 
differ. For example, a fictitious property suchas "geo-location" or "average transfer volume" may 
be defined at a progressively finer grain for lower-level subsets of entities defined with 
progressively longer CIDR prefixes. It seems more interesting to have property values of 
progressively higher accuracy. A unicity rule applied to the entity domain type must specify an 
arbitration rule among the different property values for an entity. An example illustrating the 
need for such rules is provided in Section 6.1.3. 


4.5. Supported Properties for Entity Domains in Property Map Capabilities 


A property type is not necessarily applicable to any domain type, or an ALTO Server may choose 
not to provide a property for all applicable domains. For instance, a property type reflecting link 
bandwidth is likely not defined for entities of a domain of type "countrycode". Therefore, an ALTO 
server providing property maps needs to specify the properties that can be queried on the 
different entity domains it supports. 


This document explains how the Information Resource Directory (IRD) capabilities of a property 
map resource unambiguously expose which properties a Client can query on a given entity 
domain: 


e a field named "mappings" lists the names of the entity domains supported by the property 
map, and 


e for each listed entity domain, a list of the names of the applicable properties is provided. 


An example is provided in Section 10.3. The "mappings" field associates entity domains and 
properties that can be resource-agnostic or resource-specific. This allows a Client to formulate 
compact and unambiguous entity property queries, possibly relating to one or more information 
resources. In particular: 


e it prevents a Client from querying a property for entity domains for which it is not defined; 


e it allows a Client to query, for an entity E, values for a property P that are defined in several 
information resources; and 
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e it allows a Client to query a property P on entities that are defined in several information 
resources. 


Further details are provided in Section 7.4. 


4.6. Defining Information Resource for Resource-Specific Entity Domains 


A Client willing to query entity properties belonging to a domain needs to know how to retrieve 
these entities. To this end, the Client can look up the "mappings" field exposed in IRD capabilities 
of a property map; see Section 4.5. This field, in its keys, exposes all the entity domains supported 
by the property map. The syntax of the entity domain identifier specified in Section 5.1.2 allows 
the client to infer whether the entity domain is resource-specific or not. The Client can extract, if 
applicable, the identifier of the specific resource, query the resource, and retrieve the entities. For 
example: 


e an entity domain named "netmap1.ipv4" includes the IPv4 addresses that appear in the "ipv4" 
field of the endpoint address group of each PID in the network map "netmap1" and that have 
no meaning outside "netmap1" because, for instance, these are local addresses not reachable 
outside some private network; 


e an entity domain named "netmap1.pid" includes the PIDs listed in network map "netmap1"; 
and 


e an entity domain named "ipv4" is resource-agnostic and covers all the reachable IPv4 
addresses. 


Besides, it is not possible to prevent a Server from mistakenly exposing inappropriate 
associations of information resources and entity domain types. To prevent failures due to invalid 
queries, it is necessary to inform the Client which associations are allowed. An informed Client 
will just ignore inappropriate associations exposed by a Server and avoid error-prone 
transactions with the Server. 


For example, the association "costmap3.pid" is not allowed for the following reason: althougha 
cost map exposes PID identifiers, it does not define the set of addresses included in this PID. 
Neither does a cost map list all the PIDs on which properties can be queried because a cost map 
only exposes PID pairs on which a queried cost type is defined. Therefore, the resource "costmap3" 
does not enable a Client to extract information on the existing PID entities or on the addresses 
they contain. 


Instead, the cost map uses a network map where all the PIDs used in a cost map are defined 
together with the addresses contained by the PIDs. This network map is qualified in this document 
as the defining information resource for the entity domain of type "pid", and this concept is 
explained in Section 4.6.1. 


4.6.1. Defining Information Resource and Its Media Type 


For the reasons explained in Section 4.6, this document introduces the concept of "Defining 
Information Resource and its Media Type". 
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A defining information resource for an entity domain D is the information resource where 
entities of D are defined. That is, all the information on the entities of D can be retrieved in this 
resource. A defining information resource is defined for resource-specific entity domains. It does 
not exist for entity domains that are not resource-specific such as "ipv4" or "ipv6". Neither does it 
exist for entity domains that are covering entity identifiers already defined in other 
standardization documents, as is the case for country code identifiers standardized in 
[ISO3166-1] or AS numbers allocated by IANA. This is useful for entity domain types that are by 
essence domain-specific, such as the domain type "pid". It is also useful for resource-specific 
entity domains constructed from resource-agnostic domain types, such as network-map-specific 
domains of local IPv4 addresses. 


The defining information resource of a resource-specific entity domain D, when it exists, is unique 
and has the following characteristics: 


e jt has an entry in the IRD; 

e it defines the entities of D; 

e it does not use another information resource that defines these entities; 
e it defines and exposes entity identifiers that are all persistent; and 


e its media type is equal to the one that is specified for the defining information resource of an 
entity domain type. 


A fundamental characteristic of a defining information resource is its media type. There is a 
unique association between an entity domain type and the media type of its defining 
information resource. When an entity domain type allows associations with defining 
information resources, the media type of the potential defining information resource MUST be 
specified: 


e in the document that defines this entity domain type, and 
e in the "ALTO Entity Domain Types" IANA registry. 


When the Client wants to use a resource-specific entity domain, it needs to be cognizant of the 
media type of its defining information resource. If the Server exposes a resource-specific entity 
domain with a noncompliant media type for the defining resource, the Client MUST ignore the 
entities from that entity domain to avoid errors. 


4.6.2. Examples of Defining Information Resources and Their Media Types 


Here are examples of defining information resource types and their media types associated with 
different entity domain types: 


e For entity domain type "pid", the media type of the specific resource is "application/alto- 
networkmap+json" because PIDs are defined in network map resources. 

e For entity domain types "ipv4" and "ipv6", the media type of the specific resource is 
"application/alto-networkmaptjson" because IPv4 and IPv6 addresses covered by the Server 
are defined in network map resources. 

e For entities of domain type "ane"; [PATH-VECTOR] defines entities named "ANE", where ANE 
stands for Abstract Network Element, and the entity domain type "ane". An ANE may havea 
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persistent identifier, say, "entity-4", that is provided by the Server as a value of the "persistent- 
entity-id" property of this ANE. Further properties may then be queried on an ANE by using its 
persistent entity identifier. These properties are available from a persistent property map 
that defines properties for a specific "ane" domain. Together with the persistent identifier, the 
Server also provides the property map resource identifier where the "ane" domain containing 
"entity-4" is defined. The definition of the "ane" entity domain containing "entity-4" is thus 
specific to the property map. Therefore, for entities of domain type "ane" that havea 
persistent identifier, the media type of the defining information resource is "application/alto- 
propmapz+json". 

e Last, the entity domain types "asn" and "countrycode" defined in [RFC9241] do not havea 
defining information resource. Indeed, the entity identifiers in these two entity domain types 
are already standardized in documents that the Client can use. 


4.7. Defining Information Resources for Resource-Specific Property Values 


As explained in Section 4.3, a property type may take values that are resource-specific. This is the 
case for property type "pid", whose values are by essence defined relative to a specific network 
map. That is, the PID value returned for an IPv4 address is specific to the network map defining 
this PID and may differ from one network map to another one. 


Another example is provided in [RFC9241], which defines property type "cdni-capabilities". The 
value of this property is specific to a Content Delivery Network Interconnection (CDND 
Advertisement resource, which provides a list of CDNI capabilities. The property is provided for 
entity domain types "ipv4", "ipv6", "asn", and "countrycode". However, a CDNI Advertisement 
resource does not define PID values for IPv4 addresses, while a network map does not define 
CDNI capabilities for IPv4 addresses. 


Similar to resource-specific entity domains, the Client needs to be cognizant of appropriate 
associations of information resource and property types. Therefore, when specifying and 
registering a property type whose values are resource-specific, the media type of its defining 
information resource needs to be specified. For example: 


e The media type of the defining information resource for property type "pid" is "application/ 
alto-networkmapz+json". 


° The media type of the defining information resource for property type "cdni-capabilities" 
defined in [RFC9241] is "“application/alto-cdni+json". 


5. Protocol Specification: Basic Data Types 


5.1. Entity Domain 


5.1.1. Entity Domain Type 


An entity domain has a type, which is uniquely identified by a string that MUST be no more than 
64 characters, and MUST NOT contain characters other than US-ASCII alphanumeric characters 
(U+0030-U +0039, U+0041-U+005A, and U+0061-U+007A), the hyphen-minus ('-', U+002D), the colon 
(‘:', U+003A), or the low line ('_', U+005F). 
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The usage of colon (‘:', U+003A) MUST obey the rules below: 


e The colon (":', U+003A) character MUST NOT appear more than once; 

° The colon character MUST NOT be used unless within the string "priv:"; 

e The string "priv:" MUST NOT be used unless it starts the string that identifies an entity domain 
type; and 

e For an entity domain type identifier with the "priv:" prefix, an additional string (e.g., 
company identifier or random string) MUST follow "priv:" to reduce potential collisions. 


For example, the strings "ipv4", "ipv6", "pid", and "priv:example-test-edt", are valid entity domain 


types. "ipv4.anycast", "pid.local", and "priv:" are invalid. 
Although "_","-","__--" are valid entity domain types, it is desirable to add characters, such as 
alphanumeric ones, for better intelligibility. 


The type EntityDomainType is used in this document to denote a JSON string meeting the 
preceding requirements. 


An entity domain type defines the semantics of a type of entity, independently of any specifying 
resource. All entity domain types that are not prefixed with "priv:" MUST be registered with IANA 
in the "ALTO Entity Domain Types" registry, defined in Section 12.3, following the procedure 
specified in Section 12.3.2 of this document. The format of the entity identifiers (see Section 5.1.3) 
in that entity domain type, as well as any hierarchical or inheritance rules (see Section 5.1.4) for 
those entities, MUST be specified in the IANA registration. 


Entity domain type identifiers prefixed with "priv:" are reserved for Private Use (see [RFC8126]) 
without a need to register with IANA. The definition of a private-use entity domain type MUST 
apply the same way in all property maps of an IRD where it is present. 

5.1.2. Entity Domain Name 

As discussed in Section 3.2, an entity domain is characterized by a type and identified by a name. 
This document distinguishes three categories of entity domains: resource-specific entity domains, 


resource-agnostic entity domains, and self-defined entity domains. Their entity domain names 
are constructed as specified in the following subsections. 


Each entity domain is identified by a unique entity domain name. Borrowing the symbol "::=" 
from the Backus-Naur Form notation [RFC5511], the format of an entity domain name is defined 
as follows: 


1 


EntityDomainName ::= [ [ ResourceID ] ] EntityDomainType 
The presence and construction of the component 


H [ ResourceID ] '.' J" 
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depends on the category of entity domain. 


Note that the '.’ separator is not allowed in EntityDomainType, and hence there is no ambiguity 
on whether an entity domain name refers to a resource-agnostic entity domain or a resource- 
specific entity domain. 


Note also that Section 10.1 of [RFC7285] specifies the format of the PID name, which is the format 
of the resource identifier including the following specification: 


The '.' separator is reserved for future use and MUST NOT be used unless specifically 
indicated in this document, or an extension document. 


The present extension keeps the format specification of [RFC7285], hence the '.' separator MUST 
NOT be used in an information resource identifier. 


5.1.2.1. Resource-Specific Entity Domain 


A resource-specific entity domain is identified by an entity domain name constructed as follows. 
It MUST start with a resource identifier using the ResourceID type defined in Section 10.2 of 
[RFC7285], followed by the '.' separator (U+002E), followed by a string of the type 
EntityDomainType specified in Section 5.1.1. 


For example, if an ALTO server provides two network maps "netmap-1" and "netmap-2", these 
network maps can define two resource-specific domains of type "pid", respectively identified by 
"netmap-1.pid" and "netmap-2.pid". 


5.1.2.2. Resource-Agnostic Entity Domain 


A resource-agnostic entity domain contains entities that are identified independently of any 
information resource. The identifier of a resource-agnostic entity domain is simply the identifier 
of its entity domain type. For example, "ipv4" and "ipv6" identify the two resource-agnostic 
Internet address entity domains defined in Section 6.1. 


5.1.2.3. Self-Defined Entity Domain 


A property map can define properties for entities that are specific to a unique information 
resource, which is the property map itself. This may be the case when an ALTO Server provides 
properties for a set of entities that are defined only in this property map, are not relevant to 
another one, and do not depend on another specific resource. 


For example: a specialized property map may define a domain of type "ane", defined in [PATH- 
VECTOR], that contains a set of ANEs representing data centers that each have a persistent 
identifier and are relevant only to this property map. 


In this case, the entity domain is qualified as "self-defined". The identifier of a self-defined entity 
domain can be of the format: 
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1 1 


EntityDomainName ::= '.' EntityDomainType 


where '.' indicates that the entity domain only exists within the property map resource using it. 


A self-defined entity domain can be viewed as a particular case of resource-specific entity 
domain, where the specific resource is the current resource that uses this entity domain. In that 
case, for the sake of simplification, the component ResourceID MUST be omitted in its entity 
domain name. 


5.1.3. Entity Identifier 


Entities in an entity domain are identified by entity identifiers (EntityID) of the following format: 
EntityID ::= EntityDomainName ':' DomainTypeSpecificEntityID 


Examples from the Internet address entity domains include individual IP addresses such as 
"net1.ipv4:192.0.2.14" and "net1.ipv6:2001:db8::12", as well as address blocks such as 
"net1.ipv4:192.0.2.0/26" and "net1.ipv6:2001:db8::/48". 


The format of the second part of an entity identifier, DomainTypeSpecificEntityID, depends on 
the entity domain type and MUST be specified when defining a newentity domain type and 
registering it with IANA. Identifiers MAY be hierarchical, and properties MAY be inherited based on 
that hierarchy. The rules defining any hierarchy or inheritance MUST be defined when the entity 
domain type is registered. 


The type EntityID is used in this document to denote a JSON string representing an entity 
identifier in this format. 


Note that two entity identifiers with different, valid textual representations may refer to the same 
entity, for a given entity domain. For example, the strings "net1.ipv6:2001:db8::1" and 
"net1.ipv6:2001:db8:0:0:0:0:0:1" refer to the same entity in the "ipv6" entity domain. Such 
equivalences should be established by the object represented by DomainTypeSpecificEntityID. For 
example, [RFC5952] establishes equivalence for IPv6 addresses, while [RFC4632] does so for IPv4 
addresses. 


5.1.4. Hierarchy and Inheritance 


To simplify the representation, some types of entity domains allow the ALTO Client and Server to 
use a hierarchical entity identifier format to represent a block of individual entities. For instance, 
in an IPv4 domain "net1.ipv4", a CIDR "net1.ipv4:192.0.2.0/26" covers 64 individual IPv4 entities. In 
this case, the corresponding property inheritance rule MUST be defined for the entity domain 
type. The hierarchy and inheritance rule MUST have no ambiguity. 


5.2. Entity Property 


Each entity property has a type to indicate the encoding and the semantics of the value of this 
entity property, and has a name to identify it. 
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5.2.1. Entity Property Type 


The type EntityPropertyType is used in this document to indicate a string denoting an entity 
property type. The string MUST be no more than 32 characters, and it MUST NOT contain 
characters other than US-ASCII alphanumeric characters (U+0030-U+0039, U+0041-U+005A, and 
U+0061-U+007A), the hyphen-minus ('-', U+002D), the colon (':', U+003A), or the low line (‘_', U+005F). 
Note that the '.' separator is not allowed because it is reserved to separate an entity property type 
and an information resource identifier when an entity property is resource-specific. 


While Section 5.1.1 allows the use of the character ":" with restrictions on entity domain 
identifiers, it can be used without restrictions on entity property type identifiers. This relates to 
[RFC7285], where a Server can define properties for endpoints "ipv4" and "ipv6". In the present 
extension, there is a mapping of ALTO entity domain types "ipv4" and "ipv6" to ALTO address 
types "ipv4" and "ipv6". Properties defined for "ipv4" and "ipv6" endpoints should be reusable on 
"ipv4" and "ipv6" entities. Forbidding the usage of ":" in a non-private entity property type 
identifier would not allow the use of properties previously defined for "ipv4" and "ipv6" endpoints 
because their identifiers would be invalid. 


Although ":" or "_::-" are valid entity domain types, it is desirable to add characters, such as 
alphanumeric ones, for better intelligibility. 


Identifiers prefixed with "priv:" are reserved for Private Use [RFC8126] without a need to register 
with IANA. All other identifiers for entity property types MUST be registered in the "ALTO Entity 
Property Types" registry, which is defined in Section 12.4. The intended semantics of the entity 
property type MUST be specified in the IANA registration. 


For an entity property identifier with the "priv:" prefix, an additional string (e.g., company 
identifier or random string) MUST follow the prefix to reduce potential collisions, that is, the 
string "priv:" alone is not a valid entity property identifier. The definition of a private-use entity 
property type must apply the same way in all property maps of an IRD where it is present. 


To distinguish from the endpoint property type, the entity property type has the following 
characteristics: 


e Some entity property types are applicable only to entities in particular entity domain types. 
For example, the property type "pid" is applicable to entities in the entity domain types "ipv4" 
or "ipv6", while it is not applicable to entities in an entity domain of type "pid". 

° The intended semantics of the value of an entity property may also depend on the entity 
domain type. For example, suppose that a property named "geo-location" is defined as the 
coordinates of a point and is encoded as: "latitude longitude [altitude]." When applied to an 
entity that represents a specific host computer and identified by an address in an entity 
domain of type "ipv4" or "ipv6", the "geo-location" property would define the host's location. 
However, when applied to an entity in a domain of type "pid", the property would indicate a 
location representative of all hosts in this "pid" entity. 
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5.2.2. Entity Property Name 


Each entity property is identified by an entity property name, whichis a string of the following 
format: 


1 


EntityPropertyName ::= [ [ ResourceID ] ] EntityPropertyType 


Similar to the endpoint property type defined in Section 10.8 of [RFC7285], each entity property 
may be defined by either the property map itself (self-defined) or some other specific information 
resource (resource-specific). 


The entity property name of a resource-specific entity property starts with a string of the type 
ResourcelID defined in [RFC7285], followed by the '.' separator (U+002E) and an 
EntityDomainType typed string. For example, the "pid" properties of an "ipv4" entity defined by 
two different maps "net-map-1" and "net-map-2" are identified by "net-map-1.pid" and "net- 
map-2.pid" respectively. 


The specific information resource of an entity property may be the current information resource 
itself, that is, the property map defining the property. In that case, the ResourceID in the property 
name SHOULD be omitted. For example, the property name ".ASN" applied to an entity identified 
by its IPv4 address indicates the AS number of the AS that "owns" the entity, where the returned AS 
number is defined by the property map itself. 


5.2.3. Format for Entity Property Value 


Section 11.4.1.6 of [RFC7285] specifies that an implementation of the Endpoint Property Service 
specified in [RFC7285] SHOULD assume that the property value is a JSONString and fail to parse if 
it is not. This document extends the format of a property value by allowing it to be a JSONValue 
instead of just a JSONString. 


6. Entity Domain Types Defined in This Document 


The definition of each entity domain type MUST include the entity domain type name and the 
domain-specific entity identifiers. The definition of an entity domain type MAY include hierarchy 
and inheritance semantics. This document defines three initial entity domain types as follows. 


6.1. Internet Address Domain Types 


The document defines two entity domain types (IPv4 and IPv6) for Internet addresses. Both types 
are resource-agnostic entity domain types and hence define corresponding resource-agnostic 
entity domains as well. Since the two domains use the same hierarchy and inheritance semantics, 
we define the semantics together, instead of repeating for each. 
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6.1.1. Entity Domain Type: IPv4 


6.1.1.1. Entity Domain Type Identifier 
The identifier for this entity domain type is "ipv4". 


6.1.1.2. Domain-Specific Entity Identifiers 


Individual addresses are strings as specified by the IPv4address rule in Section 3.2.2 of [RFC3986]; 
hierarchical addresses are strings as specified by the prefix notation in Section 3.1 of [RFC4632]. 
An individual Internet address and the corresponding full-length prefix are considered aliases for 
the same entity on which to define properties. Thus, "ipv4:192.0.2.0" and "ipv4:192.0.2.0/32" are 
equivalent. 


6.1.2. Entity Domain Type: IPv6 


6.1.2.1. Entity Domain Type Identifier 
The identifier for this Entity Domain Type is "ipv6". 


6.1.2.2. Domain-Specific Entity Identifiers 


Individual addresses are strings as specified by Section 4 of [RFC5952]; hierarchical addresses are 
strings as specified by IPv6 address prefixes notation in Section 2.3 of [RFC4291]. To define 
properties, an individual Internet address and the corresponding 128-bit prefix are considered 
aliases for the same entity. That is, "ipv6:2001:db8::1" and "ipv6:2001:db8::1/128" are equivalent 
and have the same set of properties. 


6.1.3. Hierarchy and Inheritance of Internet Address Domains 


Both Internet address domains allow property values to be inherited. Specifically, if a property P 
is not defined for a specific Internet address I, but P is defined for a hierarchical Internet address 
C that represents a set of addresses containing I, then the address I inherits the value of P defined 
for the hierarchical address C. If more than one such hierarchical addresses define a value for P, I 
inherits the value of P in the hierarchical address with the longest prefix. Note that this longest 
prefix rule ensures no multiple value inheritances, and hence no ambiguity. 


Hierarchical addresses can also inherit properties. For instance, if a property P: 


e is not defined for the hierarchical address C, 


e but is defined for a set of hierarchical addresses where: 
o each address C' in the set contains all IP addresses in C, and 


o C' has a shorter prefix length than C, 
then C MUST inherit the property P from the C' having the longest prefix length. 


As an example, suppose that a server defines a property P for the following entities: 


ipv4:192.0.2.0/26: P=v1 
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ipv4:192.0.2.0/28: P=v2 
ipv4:192.0.2.0/30: P=v3 
ipv4:192.0.2.0: P=v4 


Table 1: Defined Property Values 


Then the following entities have the indicated values: 


ipv4:192.0.2.0: P=v4 
ipv4:192.0.2.1: P=v3 
ipv4:192.0.2.16: P=v1 
ipv4:192.0.2.32: P=v1 
ipv4:192.0.2.64: (not defined) 
ipv4:192.0.2.0/32: P=v4 
ipv4:192.0.2.0/31: P=v3 
ipv4:192.0.2.0/29: P=v2 
ipv4:192.0.2.0/27: P=v1 
ipv4:192.0.2.0/25: (not defined) 


Table 2: Inherited Property Values 


An ALTO server MAY explicitly indicate a property as not having a value for a particular entity. 
That is, a server MAY say that property P of entity X is "defined to have no value" instead of 
"undefined". To indicate "no value", a server MAY perform different behaviors: 


e If entity X would inherit a value for property P, and if the ALTO server decides to say that "X 
has no value for P", then the ALTO server MUST return a "null" value for that property on X. In 
this case, the ALTO client MUST recognize the JSON "null" value as "no value" and interpret it 
as "do not apply the inheritance rules for this property on X". 

e If the entity would not inherit a value, then the ALTO server MAY return "null" or just omit the 
property. In this case, the ALTO client cannot infer the value for this property of this entity 
from the Inheritance rules. Thus, the client MUST interpret that this property has no value. 


If the ALTO server does not define any properties for an entity, then the server MAY omit that 
entity from the response. 
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6.1.4. Defining Information Resource Media Type for Domain Types IPv4 and IPv6 


Entity domain types "ipv4" and "ipv6" both allow the definition of resource-specific entity 
domains. When resource-specific domains are defined with entities of domain type "ipv4" or 
"ipv6", the defining information resource for an entity domain of type "ipv4" or "ipv6" MUST bea 
network map. The media type of a defining information resource is therefore: 


application/alto-networkmap+json 


6.2. Entity Domain Type: PID 


The PID entity domain associates property values with the PIDs in a network map. Accordingly, 
this entity domain always depends on a network map. 


6.2.1. Entity Domain Type Identifier 
The identifier for this Entity Domain Type is "pid". 


6.2.2. Domain-Specific Entity Identifiers 


The entity identifiers are the PID names of the associated network map. 


6.2.3. Hierarchy and Inheritance 


There is no hierarchy or inheritance for properties associated with PIDs. 


6.2.4. Defining Information Resource Media Type for Domain Type PID 


The entity domain type "pid" allows the definition of resource-specific entity domains. When 
resource-specific domains are defined with entities of domain type "pid", the defining 
information resource for entity domain type "pid" MUST be a network map. The media type of a 
defining information resource is therefore: 


application/alto-networkmap+json 


6.2.5. Relationship To Internet Addresses Domains 


The PID domain and the Internet address domains are completely independent; the properties 
associated with a PID have no relation to the properties associated with the prefixes or endpoint 
addresses in that PID. An ALTO server MAY choose to assign all the properties of a PID to the 
prefixes in that PID or only some of these properties. 


For example, suppose "PID1" consists of the prefix "ipv4:192.0.2.0/24" and has the property P with 
value v1. The Internet address entities "ipv4:192.0.2.0" and "ipv4:192.0.2.0/24" in the IPv4 domain 
MAY have a value for the property P, and if they do, it is not necessarily v1. 
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6.3. Internet Address Properties vs. PID Properties 


Because the Internet address and PID domains relate to completely distinct domain types, the 
question may arise as to which entity domain type is the best for a property. In general, the 
Internet address domain types are RECOMMENDED for properties that are closely related to the 
Internet address or are associated with, and inherited through, hierarchical addresses. 


The PID domain type is RECOMMENDED for properties that arise from the definition of the PID, 
rather than from the Internet address prefixes in that PID. 


For example, because Internet addresses are allocated to service providers by blocks of prefixes, 
an "ISP" property would be best associated with Internet address domain types. On the other 
hand, a property that explains why a PID was formed, or howit relates to a provider's network, 
would best be associated with the PID domain type. 


7. Property Map 


A property map returns the properties defined for all entities in one or more domains, e.g., the 
"location" property of entities in a domain of type "pid", and the "ASN" property of entities in 
domains of types "ipv4" and "ipv6". Section 10.4 gives an example of a property map request and 
its response. 


Downloading the whole property map is a way for the Client to obtain the entity identifiers that 
can be used as input for a filtered property map request. However, a whole property map may be 
too voluminous for a Client that only wants the list of applicable entity identifiers. How to obtain 
the list of entities of a filtered property map in a simplified response is specified in Section 8. 


7.1. Media Type 


The media type of a property map is "application/alto-propmap+json". 


7.2. HTTP Method 
The property map is requested using the HTTP GET method. 


7.3. Accept Input Parameters 


A property map has no Accept Input parameters. 


7.4. Capabilities 
The capabilities are defined by an object of type PropertyMapCapabilities: 
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object { 
EntityPropertyMapping mappings; 
} PropertyMapCapabilities; 


object-map { 
EntityDomainName -> EntityPropertyName<1..*>; 
} EntityPropertyMapping 


with fields: 


mappings: AJSON object whose keys are names of entity domains and values are the supported 
entity properties of the corresponding entity domains. 


7.5. Uses 


The "uses" field of a property map resource in an IRD entry specifies the resources in this same 
IRD on which this property map directly depends. It is an array of resource identifier(s). This 
array identifies the defining information resources associated with the resource-specific entity 
domains and properties that are indicated in this resource. 


7.6. Response 


If the entity domains in this property map depend on other resources, the "dependent-vtags" field 
in the "meta" field of the response MUST be an array that includes the version tags of those 
resources, and the order MUST be consistent with the "uses" field of this property map resource. 
The data component of a property map response is named "property-map", which is a JSON 
object of type PropertyMapData, where: 


object { 
PropertyMapData property-map; 
} InfoResourceProperties : ResponseEntityBase; 


object-map { 
EntityID -> EntityProps; 
} PropertyMapData; 


object { 
EntityPropertyName -> JSONValue; 
} EntityProps; 


The ResponseEntityBase type is defined in Section 8.4 of [RFC7285]. 


Specifically, a PropertyMapData object has one member for each entity in the property map. The 
entity's properties are encoded in the corresponding EntityProps object. EntityProps encodes one 
name/value pair for each property, where the property names are encoded as strings of type 
PropertyName. A protocol implementation SHOULD assume that the property value is either a 
JSONString or a JSON "null" value, and fail to parse if it is not, unless the implementation is using 
an extension to this document that indicates when and how property values of other data types 
are signaled. 
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For each entity in the property map: 


e If the entity is in a resource-specific entity domain, the ALTO server MUST only return self- 
defined properties and resource-specific properties that depend on the same resource as the 
entity does. The ALTO client MUST ignore any resource-specific property for this entity if the 
mapping between this resource-specific property and this entity is not indicated, in the IRD, 
in the "mappings" capability of the property map resource. 

e If the entity identifier is resource-agnostic, the ALTO server SHOULD return the self-defined 
properties and all the resource-specific properties defined in the property-defining 
information resources that are indicated, in the IRD, in the "mappings" capability of the 
property map resource, unless property values can be omitted upon some inheritance rules. 


The ALTO server MAY omit property values that are inherited rather than explicitly defined in 
order to achieve more compact encoding. As a consequence, the ALTO Client MUST NOT assume 
inherited property values will all be present. If the Client needs inherited values, it MUST use the 
entity domain's inheritance rules to deduce those values. 


8. Filtered Property Map 


A filtered property map returns the values of a set of properties for a set of entities selected by the 
client. 


Sections 10.5, 10.6, 10.7, and 10.8 give examples of filtered property map requests and responses. 


While the IRD lists all the names of the supported properties, it only lists the names of the 
supported entity domains and not the entity identifiers. Sometimes a client only wants to know 
what entity identifiers it can provide as input to a filtered property map request but does not 
want to download the full property map, or it may want to check whether some given entity 
identifiers are eligible for a query. To support these cases, the filtered property map supports a 
lightweight response with empty property values. 


8.1. Media Type 


The media type of a property map resource is "application/alto-propmaptjson". 


8.2. HTTP Method 
The filtered property map is requested using the HTTP POST method. 
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8.3. Accept Input Parameters 


The input parameters for a filtered property map request are supplied in the entity body of the 
POST request. This document specifies the input parameters with a data format indicated by the 
media type "application/alto-propmapparamsz+json", which is a JSON object of type 
ReqFilteredPropertyMap. ReqFilteredPropertyMap is designed to support the following cases of 
client requests: 


° The client wants the value of a selected set of properties for a selected set of entities; 
e The client wants all property values on all the entities; 


e The client wants all entities for which a property is defined but is not interested in their 
property values; or 


e The client wants to cross-check whether some entity identifiers are present in the filtered 
property map but is not interested in their property values. 


The third case is equivalent to querying the whole unfiltered property map, which can also be 
achieved with a GET request. Some Clients, however, may prefer to systematically make filtered 
property map queries, where filtering parameters may sometimes be empty. 


The JSON object ReqFilteredPropertyMap is specified as follows: 


object { 
EntityID entities<@..*>; 
[EntityPropertyName properties<@..*>;] 
} ReqFilteredPropertyMap; 


with fields: 


entities: A list of entity identifiers for which the specified properties are to be returned. If the list 
is empty, the ALTO Server MUST interpret the list as if it contained a list of all entities currently 
defined in the filtered property map. The domain of each entity MUST be included in the list of 
entity domains in this resource's "capabilities" field (see Section 8.4). The ALTO server MUST 
interpret entries appearing multiple times as if they appeared only once. 


properties: A list of properties to be returned for each entity. If the list is empty, the ALTO Sever 
MUST interpret the list as if it contained a list of all properties currently defined in the filtered 
property map. Each specified property MUST be included in the list of properties in this 
resource's "capabilities" field (see Section 8.4). The ALTO server MUST interpret entries 
appearing multiple times as if they appeared only once. This field is optional. If it is absent, the 
Server returns a property value equal to the literal string "{}" for all the entity identifiers of the 
"entities" field for which at least one property is defined. 
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Note that the field "properties" is optional. In addition, when the "entities" field is an empty list, it 
corresponds to a query for all applicable entity identifiers of the filtered property map, with no 
current interest on any particular property. When the "entities" field is not empty, it allows the 
Client to check whether the listed entity identifiers can be used as input to a filtered property map 


query. 


8.4. Capabilities 


The capabilities are defined by an object of type PropertyMapCapabilities, as defined in Section 
7A. 


8.5. Uses 


This is the same as the "uses" field of the property map resource (see Section 7.5). 


8.6. Filtered Property Map Response 


The response MUST indicate an error, using ALTO Protocol error handling, as defined in Section 
8.5 of [RFC7285], if the request is invalid. 


Specifically, a filtered property map request can be invalid in the following cases: 


e The input field "entities" is absent from the Client request. In this case, the Server MUST return 
an "E MISSING _FIELD" error as defined in Section 8.5.2 of [RFC7285]. 


e An entity identifier in the "entities" field of the request is invalid. This occurs when: 
° The domain of this entity is not defined in the "mappings" capability of this resource in the 
IRD, or 
° The entity identifier is not valid for the entity domain. 


A valid entity identifier never generates an error, even if the filtered property map resource 
does not define any properties for it. 


If an entity identifier in the "entities" field of the request is invalid, the ALTO server MUST 
return an "E INVALID FIELD VALUE" error defined in Section 8.5.2 of [RFC7285], and the 
"value" field of the error message SHOULD indicate the provided invalid entity identifier. 


e A property name in the "properties" field of the request is invalid. This occurs when this 
property name is not defined in the "properties" capability of this resource in the IRD. 


When a filtered property map resource does not define a value for a property requested fora 
particular entity, it is not an error. In this case, the ALTO server MUST omit that property from 
the response for that endpoint. 


If a property name in the "properties" field in the request is invalid, the ALTO server MUST 
return an "E INVALID FIELD VALUE" error defined in Section 8.5.2 of [RFC7285]. The "value" 
field of the error message SHOULD indicate the property name. 


Some identifiers can be interpreted as both an entity name and a property name, as is the case 
for "pid" if it were erroneously used alone. In such a case, the Server SHOULD follow Section 8.5.2 
of [RFC7285], which says: 
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For an E_INVALID_FIELD_VALUE error, the server may include an optional field named 
"field" in the "meta" field of the response, to indicate the field that contains the wrong 
value. 


The response to a valid request is the same as for the property map (see Section 7.6) except that: 


e If the requested entities include entities with a resource-agnostic identifier, the "dependent- 
vtags" field in its "meta" field MUST include version tags of all dependent resources appearing 
in the "uses" field. 

e If the requested entities only include entities in resource-specific entity domains, the 
"dependent-vtags" field in its "meta" field MUST include the version tags of the resources on 
which the requested resource-specific entity domains and the requested resource-specific 
properties are dependent. 


° The response only includes the entities and properties requested by the client. If an entity in 
the request is identified by a hierarchical identifier (e.g., a "ipv4" or "ipv6" prefix), the response 
MUST return all properties that are present for any address covered by the prefix, even 
though some of those properties may not be present for all addresses covered by the prefix. 


e When the input member "properties" is absent from the client request, the Server returns a 
property map containing all the requested entity identifiers for which one or more properties 
are defined. For all the entities of the returned map, the returned property value is equal to 


"E 


The filtered property map response MUST include all the inherited property values for the 
requested entities and all the entities that are able to inherit property values from the requested 
entities. To achieve this goal, the ALTO server MAY follow two rules: 


e Ifa property for a requested entity is inherited from another entity not included in the 
request, the response MUST include this property for the requested entity. For example, a full 
property map may skip a property P for an entity A (e.g., "ipv4:192.0.2.0/31") if P can be 
derived using inheritance from another entity B (e.g., "ipv4:192.0.2.0/30"). A filtered property 
map request may include only A but not B. In sucha case, the property P MUST be included in 
the response for A. 

e If there are entities covered by a requested entity but they have different values for the 
requested properties, the response MUST include all those entities and the different property 
values for them. For example, consider a request for property P of entity A (e.g., 
"{pv4:192.0.2.0/31"): if P has value v1 for "A1=ipv4:192.0.2.0/32" and v2 for "A2=ipv4:192.0.2.1/32", 
then the response SHOULD include A1 and A2. 


For the sake of response compactness, the ALTO server SHOULD obey the following rule: 


e If an entity identifier in the response is already covered by other entities identifiers in the 
same response, it SHOULD be removed from the response. In the previous example, the entity 
"A=ipv4:192.0.2.0/31" SHOULD be removed because A1 and A2 cover all the addresses in A. 


Roome, et al. Standards Track Page 30 


RFC 9240 Entity Property Maps July 2022 


An ALTO client should be aware that the entities in the response may be different from the entities 
in its request. 


8.7. Entity Property Type Defined in This Document 


This document defines the entity property type "pid". This property type extends the ALTO 
endpoint property type "pid" defined in Section 7.1.1 of [RFC7285] as follows: the property has the 
same semantics and applies to IPv4 and IPv6 addresses; the difference is that the IPv4 and IPv6 
addresses have evolved from the status of endpoints to the status of entities. 


The defining information resource for property type MUST be a network map. 
8.7.1. Entity Property Type: pid 


Identifier: pid 


Semantics: the intended semantics are the same as in [RFC7285] for the ALTO endpoint property 
type "pid". 
Media type of defining information resource: application/alto-networkmapt+json 


Security considerations: for entity property type "pid" are the same as documented in [RFC7285] 
for the ALTO endpoint property type "pid". 


9. Impact on Legacy ALTO Servers and ALTO Clients 


9.1. Impact on Endpoint Property Service 


Since the property map and the filtered property map defined in this document provide a 
functionality that covers the EPS defined in Section 11.4 of [RFC7285], ALTO servers may prefer to 
provide property map and filtered property map in place of EPS. However, for the legacy 
endpoint properties, it is recommended that ALTO servers also provide EPS so that legacy clients 
can still be supported. 


9.2. Impact on Resource-Specific Properties 


Section 10.8 of [RFC7285] defines two categories of endpoint properties: "resource-specific" and 
"global". Resource-specific property names are prefixed with the identifier of the resource they 
depend on, while global property names have no such prefix. The property map and the filtered 
property map specified in this document define similar categories of entity properties. The 
difference is that entity property maps do not define "global" entity properties. Instead, they 
define self-defined entity properties as a special case of "resource-specific" entity properties, 
where the specific resource is the property map itself. This means that self-defined properties are 
defined within the scope of the property map. 
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9.3. Impact on Other Properties 


In the present extension, properties can be defined for sets of entity addresses, rather than just 
individual endpoint addresses as initially defined in [RFC7285]. This might change the semantics 
of a property. These sets can be, for example, hierarchical IP address blocks. For instance, a 
property suchas the fictitious "geo-location" defined for a set of IP addresses would have a value 
corresponding to a location representative of all the addresses in this set. 


10. Examples 


In this document, the HTTP message bodies of all the examples use Unix-style line-ending 
character (%x0A) as the line separator. 


10.1. Network Map 


The examples in this section use a very simple default network map: 


defaultpid: ipv4:0.0.0.0/0 ipv6:::/0 


pid1: ipv4:192.0.2.0/25 
pid2: ipv4:192.0.2.0/27 
pid3: ipv4:192.0.3.0/28 
pid4: ipv4:192.0.3.16/28 


Table 3: Example Default Network Map 


And another simple alternative network map: 


defaultpid: ipv4:0.0.0.0/0 ipvé6:::/0 
pid1: ipv4:192.0.2.0/27 


pid2: ipv4:192.0.3.0/27 


Table 4: Example Alternative Network 
Map 


10.2. Property Definitions 


Beyond "pid", the examples in this section use four additional, fictitious property types for entities 
of domain type "ipv4": "countrycode", "ASN", "ISP", and "state". These properties are assumed to be 
resource-agnostic so their name is identical to their type. The entities have the following values: 
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ISP 
ipv4:192.0.2.0/23: BitsRus 
ipv4:192.0.2.0/28: - 
ipv4:192.0.2.16/28: - 
ipv4:192.0.2.1: - 
ipv4:192.0.3.0/28: - 


ipv4:192.0.3.16/28: - 


65544 


65544 


countrycode 


us 


state 


PA 


TX 


MN 


Table 5: Example Property Values for Internet Address Domains 


July 2022 


The examples in this section use the property "region" for the PID domain of the default network 


map with the following values: 


pid:defaultpid: 
pid:pid1: 
pid:pid2: 
pid:pid3: 


pid:pid4: 


region 


us-west 


us-east 


us-south 


us-north 


Table 6: Example Property Values for 
Default Network Map's PID Domain 


Note that "-" means the value of the property for the entity is "undefined". So the entity would 
inherit a value for this property by the inheritance rule if possible. For example, the value of the 


"ISP" property for "ipv4:192.0.2.1" is "BitsRus" because of "ipv4:192.0.2.0/24". But the "region" 


property for "pid:defaultpid" has no value because there is no entity from which it can inherit. 


Similar to the PID domain of the default network map, the examples in this section use the 


property "ASN" for the PID domain of the alternative network map with the following values: 


ASN 
pid:defaultpid: - 
pid:pid1: 65543 
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ASN 


pid:pid2: 65544 


Table 7: Example Property Values for 
Alternative Network Map's PID Domain 


10.3. Information Resource Directory (IRD) 


The following IRD defines ALTO Server information resources that are relevant to the Entity 
Property Service. It provides a property map for the "ISP" and "ASN" properties. The server could 
have provided a single property map for all four properties, but it does not, presumably because 
the organization that runs the ALTO server believes that a client is not necessarily interested in 
getting all four properties. 


The server provides several filtered property maps. The first returns all four properties, and the 
second returns only the "pid" property for the default network map and the "alt-network-map". 


The filtered property maps for the "ISP", "ASN", "countrycode", and "state" properties do not 
depend on the default network map (it does not have a "uses" capability) because the definitions 
of those properties do not depend on the default network map. The filtered property map 
providing the "pid" property does have a "uses" capability for the default network map because 
the default network map defines the values of the "pid" property. 


Note that for legacy clients, the ALTO server provides an Endpoint Property Service for the "pid" 
property defined for the endpoints of the default network map and the "alt-network-map". 


The server provides another filtered Property map resource, named "ane-dc-property-map", that 
returns fictitious properties named "storage-capacity", "ram", and "cpu" for ANEs that havea 
persistent identifier. The entity domain to which the ANEs belong is self-defined and valid only 
within the property map. 


The other property maps in the returned IRD are shown here for purposes of illustration. 
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GET /directory HTTP/1.1 
Host: alto.example.com 
Accept: application/alto-directory+json, application/alto-error+json 


HTTP/1.1 200 OK 
Content-Length: 2713 
Content-Type: application/alto-directory+json 


{ 
"meta" : { 
"default-alto-network-map" : "default-network-map" 


"resources" : { 
"default-network-map" : { 
"uri" : "http://alto.example.com/networkmap/default", 
"media-type" : "“application/alto-networkmap+json" 


"alt-network-map" a 
"uri" : "http://alto.example.com/networkmap/alt", 
"media-type'’ : "“application/alto-networkmap+json" 


"“ia-property-map" : { 
"uri" : "http://alto.example.com/propmap/full/inet-ia", 
"media-type'’ : "“application/alto-propmap+json", 
"capabilities" : { 
"mappings": { 
PIVA el ede ae alli: 
troy SS Ulin tS Page S Niel) 
} 
} 


"iacs-property-map" : { 

"uri" : "http://alto.example.com/propmap/lookup/inet-iacs", 

"media-type'’ : "“application/alto-propmap+json", 

"accepts": "“application/alto-propmapparams+json", 

"capabilities" 

"mappings": { 

CIVA s E PSPs CASN wo COUN ERY COdew. "staten alr 
"ipv6o": [ ".ISP", ".ASN", ".countrycode", ".state" ] 


} 


egion-property-map": { 
"uri": "http://alto.example.com/propmap/lookup/region", 
"media-type': "“application/alto-propmap+json", 
": "“application/alto-propmapparams+json", 
"uses" : [ "default-network-map", "“alt-network-map" ], 
"capabilities": { 
"mappings": { 
"default-network-map.pid": [ ".region" ], 
"alt-network-map.pid": [ ".ASN" ] 


} 


} 
} 
ee 
"ip-pid-property-map" : { 
"uri" : "http://alto.example.com/propmap/lookup/pid", 
"media-type'’ : "application/alto-propmap+json", 
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"accepts" : "“application/alto-propmapparams+json", 
"uses" : [ "default-network-map", "“alt-network-map" ], 
"capabilities" : { 


"mappings": { 
"ipv4": [ "default-network-map.pid", 
"alt-network-map.pid" ], 
ipv6": [ "default-network-map.pid", 
"alt-network-map.pid" ] 


} 
} 
he 
"legacy-endpoint-property" : { 
"uri" : "http://alto.example.com/legacy/eps-pid", 
"media-type" : "“application/alto-endpointpropt+json", 
"accepts" : "“application/alto-endpointpropparams+json", 
"capabilities" : { 
"properties" : [ "“default-network-map.pid", 
"alt-network-map.pid" ] 
} 
"ane-dc-property-map": { 
"uri" : "http://alto.example.com/propmap/lookup/ane-dc", 
"media-type" : "“application/alto-propmap+json", 
"accepts": "“application/alto-propmapparams+json", 
"capabilities": { 
"mappings": { 
"ane" : [ "storage-capacity", "ram", "cpu" ] 
} 
} 
} 


Figure 1: Example IRD 


10.4. Full Property Map Example 


The following example uses the properties and IRD defined in Section 10.3 to retrieve a property 
map for entities with the "ISP" and "ASN" properties. 


Note that, to be compact, the response does not include the entity "ipv4:192.0.2.1" because values 
of all those properties for this entity are inherited from other entities. 


Also note that the entities "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28" are merged into 
"ipv4:192.0.2.0/27" because they have the same value of the "ASN" property. The same rule applies 
to the entities "ipv4:192.0.3.0/28" and "ipv4:192.0.3.16/28". Both "ipv4:192.0.2.0/27" and 
"jpv4:192.0.3.0/27" omit the value for the "ISP" property because it is inherited from 
"jpv4:192.0.2.0/23". 


GET /propmap/full/inet-ia HTTP/1.1 
Host: alto.example.com 
Accept: application/alto-propmap+json, application/alto-error+json 
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HTTP/1.1 200 OK 
Content-Length: 418 
Content-Type: application/alto-propmap+json 


{ 
"meta": { 
"“dependent-vtags": [ 
{"resource-id": "default-network-map", 
"tag": "Zee2cb7e8d63d9fab71b9b34cbf764436315542e"}, 
"“resource-id": "alt-network-map", 
"tag": "c@ceQ23b8678a7b9ec88324673b98e54656d1f6d" } 
] 
Jo 
"property-map": { 
"ipv4:192.0.2.0/23": o S Pag ees Baste SRU Giana 
"ipv4:192.0.2.0/27": {".ASN": "65543"}, 
"ipv4:192.0.3.0/27":  {".ASN": "65544"} 
} 
} 


10.5. Filtered Property Map Example #1 


The following example uses the filtered property map resource to request the "ISP", "ASN", and 
"state" properties for several IPv4 addresses. 


Note that the value of "state" for "ipv4:192.0.2.1" is the only explicitly defined property; the other 
values are all derived from the inheritance rules for Internet address entities. 


POST /propmap/lookup/inet-iacs HTTP/1.1 

Host: alto.example.com 

Accept: application/alto-propmap+json, application/alto-error+json 
Content-Length: 158 

Content-Type: application/alto-propmapparams+json 


{ 
"entities" : [ "ipv4:192.0.2.0", 


EUDVAE OO R2 lun 
PVA OD A enn 
"properties s | @aUSP a. VASNG wi astaten 1] 
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HTTP/1.1 200 OK 
Content-Length: 540 
Content-Type: application/alto-propmap+json 


{ 
"meta": { 
"“dependent-vtags": [ 
{"resource-id": "default-network-map", 
"tag": "Zee2cb7e8d63d9fab71b9b34cbf764436315542e"}, 
"“resource-id": "alt-network-map", 
"tag": "c@ceQ23b8678a7b9ec88324673b98e54656d1f6d" } 
] 
J 
"property-map": { 
"ipv4:192.0.2.0": 
{ase LS Raza: Bal US emer A'S Nien 65.5 4S uae nme Sit alisha amr Nala an 
"ipv4:192.0.2.1": 
{" TSP". "BitsRus", ".ASN": "65543", "state": “PA's, 
EDV ASO 28 OF 2 lism: 
{".ISP": "BitsRus", ".ASN": "65543", ".state": "CT"} 
} 
} 


10.6. Filtered Property Map Example #2 


The following example uses the filtered property map resource to request the "ASN", 
"countrycode", and "state" properties for several IPv4 prefixes. 


Note that the property values for both entities "ipv4:192.0.2.0/26" and "ipv4:192.0.3.0/26" are not 
explicitly defined. They are inherited from the entity "ipv4:192.0.2.0/23". 


Also note that some entities like "ipv4:192.0.2.0/28" and "ipv4:192.0.2.16/28" in the response are not 
explicitly listed in the request. The response includes them because they are refinements of the 
requested entities and have different values for the requested properties. 


The entity "ipv4:192.0.4.0/26" is not included in the response because there are neither entities 
from which it is inherited, nor entities inherited from it. 


POST /propmap/lookup/inet-iacs HTTP/1.1 

Host: alto.example.com 

Accept: application/alto-propmap+json, application/alto-error+json 
Content-Length: 174 

Content-Type: application/alto-propmapparams+json 


{ 

"entities" < [ "ipv4:192.0.2.0/26", 
"ipv4:192.0.3.0/26", 
"ipv4:192.0.4.0/26" J], 

"properties" : [ ".ASN", ".countrycode", ".state" ] 
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HTTP/1.1 200 OK 
Content-Length: 774 
Content-Type: application/alto-propmap+json 


{ 
"meta": { 
"“dependent-vtags": [ 

{"resource-id": "default-network-map", 
"tag": "Zee2cb7e8d63d9fab71b9b34cbf764436315542e"}, 
"“resource-id": "alt-network-map", 

"tag": "c@ceQ23b8678a7b9ec88324673b98e54656d1f6d" } 
] 
J 
"property-map": { 
"ipv4:192.0.2.0/26": {".countrycode": "us"}, 
"ipv4:192.0.2.0/28": {".ASN": "65543", 
" state": "NJ"}, 
"ipv4:192.0.2.16/28": {".ASN": "65543", 
Sechechecr = Gilpin der 
el PVA aL 2 OC 2 alae Ms tate me Alms. 
"ipv4:192.0.3.0/26": {".countrycode": "us"}, 
"ipv4:192.0.3.0/28": {".ASN": "65544", 
etate n KIX F; 
"ipv4:192.0.3.16/28": {".ASN": "65544", 
" state": "MN"} 
} 
} 


10.7. Filtered Property Map Example #3 


The following example uses the filtered property map resource to request the "default-network- 
map.pid" property and the "alt-network-map.pid" property for a set of IPv4 addresses and 
prefixes. 


Note that the entity "ipv4:192.0.3.0/27" is decomposed into two entities: "ipv4:192.0.3.0/28" and 
"{pv4:192.0.3.16/28", as they have different "default-network-map.pid" property values. 


POST /propmap/lookup/pid HTTP/1.1 

Host: alto.example.com 

Accept: application/alto-propmap+json, application/alto-error+json 
Content-Length: 222 

Content-Type: application/alto-propmapparams+json 


{ 
Seitastee'Suy sai 
"ipv4:192.0.2.128", 
"ipv4:192.0.2.0/27", 
"ipv4:192.0.3.0/27" ], 
"properties" : [ "default-network-map.pid", 
"alt-network-map.pid" ] 
} 
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HTTP/1.1 200 OK 
Content-Length: 774 
Content-Type: application/alto-propmap+json 


{ 
"meta": { 
"“dependent-vtags": [ 
{"resource-id": "default-network-map", 
"tag": "Zee2cb7e8d63d9fab71b9b34cbf764436315542e"}, 
"“resource-id": "alt-network-map", 
"tag": "c@ceQ23b8678a7b9ec88324673b98e54656d1f6d" } 
] 
J 
"property-map": 
"ipv4:192.0.2.128": {"default-network-map.pid": "defaultpid", 
"alt-network-map.pid": "defaultpid"}, 
"ipv4:192.0.2.0/27": {"default-network-map.pid": "pid2", 
"alt-network-map.pid": "pid1"}, 
"ipv4:192.0.3.0/28": {"default-network-map.pid": "pid3", 
"alt-network-map.pid": "pid2"}, 
"ipv4:192.0.3.16/28": {"default-network-map.pid": "pid4", 
"alt-network-map.pid": "pid2"} 
} 
} 


10.8. Filtered Property Map Example #4 


Here is an example of using the filtered property map to query the regions for several PIDs in 
"default-network-map". The "region" property is specified as a self-defined property, i.e., the values 
of this property are defined by this property map resource. 


POST /propmap/lookup/region HTTP/1.1 

Host: alto.example.com 

Accept: application/alto-propmap+json, application/alto-error+json 
Content-Length: 132 

Content-Type: application/alto-propmapparams+json 


{ 
"entities" : ["default-network-map.pid:pid1", 
"default-network-map.pid:pid2"], 
"properties" : | ".region" ] 
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HTTP/1.1 200 OK 
Content-Length: 326 
Content-Type: application/alto-propmap+json 


{ 
"meta" : { 
"“dependent-vtags" : [ 
{"resource-id": "default-network-map" 


"tag": "7915dc0290c2705481C0491a2b4f fbec482b3cf62"} 
] 


P 
"property-map": { 
"default-network-map.pid:pid1": { 
" region": "us-west" 


D 

"default-network-map.pid:pid2": { 
" region": "us-east" 

} 


} 
} 


10.9. Filtered Property Map for ANEs Example #5 


The following example uses the filtered property map resource "ane-dc-property-map" to request 
properties "storage-capacity" and "cpu" on several ANEs defined in this property map. 


POST /propmap/lookup/ane-de HTTP/1.1 

Host: alto.example.com 

Accept: application/alto-propmap+json, application/alto-error+json 
Content-Length: 155 

Content-Type: application/alto-propmapparams+json 


{ 

"entities" : [".ane:dc21", 
"-ane:dc45-srv9", 
"ane:dc6-srvcluster8"], 

"properties" : [ "“storage-capacity", "cpu" ] 
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HTTP/1.1 200 OK 
Content-Length: 295 
Content-Type: application/alto-propmap+json 


{ 
"meta" : { 


} 


roperty-map": { 
"lane:dc21": 

{"storage-capacity" : 40000, "cpu" : 500}, 
" ,ane:dc45-srv9": 

{"storage-capacity" : 100, "cpu" : 20}, 
".ane:dc6-srvcluster8": 

{"storage-capacity" : 6000, "cpu" : 100} 


11. Security Considerations 


Both property map and filtered property map defined in this document fit into the architecture of 
the ALTO base protocol, and hence the Security Considerations (Section 15 of [RFC7285]) of the 
base protocol fully apply: authenticity and integrity of ALTO information (i.e., authenticity and 
integrity of property maps), potential undesirable guidance from authenticated ALTO 
information (e.g., potentially imprecise or even wrong value of a property such as geo-location), 
confidentiality of ALTO information (e.g., exposure of a potentially sensitive entity property such 
as geo-location), privacy for ALTO users, and availability of ALTO services should all be 
considered. 


ALTO clients using this extension should in addition be aware that the entity properties they 
require may convey more details than the endpoint properties conveyed by using [RFC7285]. 
Client requests may reveal details of their activity or plans thereof such that a malicious Server, 
which is in a position to do so, may monetize or use for attacks or undesired surveillance. 
Likewise, ALTO Servers expose entities and properties related to specific parts of the 
infrastructure that reveal details of capabilities, locations, or resource availability. These details 
may be maliciously used for competition purposes, or to cause resource shortage or undesired 
publication. 


To address these concerns, the property maps provided by this extension require additional 
attention to two security considerations discussed in: Section 15.2 ("Potential Undesirable 
Guidance from Authenticated ALTO Information") of [RFC7285] and Section 15.3 ("Confidentiality 
of ALTO Information’) of [RFC7285]. Threats to the availability of the ALTO service caused by 
highly demanding queries should be addressed as specified in Section 15.5 of [RFC7285]. 


e Potential undesirable guidance from authenticated ALTO information: this can be caused by 
Property values that change over time and thus lead to performance degradation or system 
rejection of application requests. 


Roome, et al. Standards Track Page 42 


RFC 9240 Entity Property Maps July 2022 


To avoid these consequences, a more robust ALTO client should adopt and extend protection 
strategies specified in Section 15.2 of [RFC7285]. For example, to be notified immediately 
when a particular ALTO value that the Client depends on changes, it is RECOMMENDED that 
both the ALTO Client and ALTO Server using this extension implement "Application-Layer 
Traffic Optimization (ALTO) Incremental Updates Using Server-Sent Events (SSE)" [RFC8895]. 


Confidentiality of ALTO information: as discussed in Section 15 of [RFC7285], properties may 
have sensitive customer-specific information. If this is the case, an ALTO Server may limit 
access to those properties by providing several different property maps. For a nonsensitive 
properties, the ALTO Server would provide a URI that accepts requests from any client. 
Sensitive properties, on the other hand, would only be available via a secure URI that would 
require client authentication. Another way is to expose highly abstracted, coarse-grained 
property values to all Clients while restricting access to URIs that expose more fine-grained 
values to authorized Clients. Restricted access URIs may be gathered in delegate IRDs as 
specified in Section 9.2.4 of [RFC7285]. 


Also, while technically this document does not introduce any security risks not inherent in 
the Endpoint Property Service defined by [RFC7285], the GET-mode property map resource 
defined in this document does make it easier for a client to download large numbers of 
property values. Accordingly, an ALTO Server should limit GET-mode property maps to 
properties that do not contain sensitive data. 


Section 12 of this document specifies that the ALTO service provider MUST be aware of the 
potential sensitivity of exposed entity domains and properties. Section 12.3.2 (ALTO Entity 
Domain Type Registration Process) of this document specifies that when the registration of 
an entity domain type is requested of IANA, the request MUST include security considerations 
that show awareness of how the exposed entity addresses may be related to private 
information about an ALTO client or an infrastructure service provider. Likewise, Section 
12.4 (ALTO Entity Property Types Registry) of this document specifies that when the 
registration of a property type is requested of IANA, the request MUST include security 
considerations that explain why this property type is required for ALTO-based operations. 


The risk of ALTO information being leaked to malicious Clients or third parties is addressed 
similarly to Section 7 of [RFC8896]. ALTO clients and servers SHOULD support TLS 1.3 
[RFC8446]. 


12. IANA Considerations 


This document defines additional application/alto-* media types, which are listed in Table 8. It 
defines the "ALTO Entity Domain Types" registry that extends the "ALTO Address Types" registry 
defined in [RFC7285]. It also defines the "ALTO Entity Property Types" registry that extends the 
"ALTO Endpoint Property Types" registry defined in [RFC7285]. 


Type Subtype Specification 


application alto-propmap+json Section 7.1 
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Type Subtype Specification 


application alto-propmapparamstjson Section 83 


Table 8: Additional ALTO Media Types 
12.1. application/alto-propmap+json Media Type 
Type name: 


application 


Subtype name: 
alto-propmap+json 


Required parameters: 
n/a 


Optional parameters: 
n/a 


Encoding considerations: 
Encoding considerations are identical to those specified for the "application/json" media type. 
See [RFC8259]. 


Security considerations: 
Security considerations related to the generation and consumption of ALTO Protocol 
messages are discussed in Section 15 of [RFC7285] and Section 11 of this document. 


Interoperability considerations: 
n/a 


Published specification: 
This document is the specification for this media type. See Section 7.1. 


Applications that use this media type: 
ALTO servers and ALTO clients [RFC7285], either standalone or embedded within other 
applications, when the queried resource is a property map, whether filtered or not. 


Fragment identifier considerations: 
n/a 


Additional information: 
Magic number(s): n/a 


File extension(s): n/a 
Macintosh file type code(s): n/a 


Person & email address to contact for further information: 
See Authors' Addresses section. 
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Intended usage: 
COMMON 


Restrictions on usage: 
n/a 


Author: 
See Authors' Addresses section. 


Change controller: 
Internet Engineering Task Force (iesg@ietf.org). 


12.2. alto-propmapparams+json Media Type 


Type name: 
application 


Subtype name: 
alto-propmapparams+json 


Required parameters: 
n/a 


Optional parameters: 
n/a 


Encoding considerations: 
Encoding considerations are identical to those specified for the "application/json" media type. 
See [RFC8259]. 


Security considerations: 
Security considerations related to the generation and consumption of ALTO Protocol 
messages are discussed in Section 15 of [RFC7285] and Section 11 of this document. 


Interoperability considerations: 
n/a 


Published specification: 
This document is the specification for this media type. See Section 8.3. 


Applications that use this media type: 
ALTO servers and ALTO clients [RFC7285], either standalone or embedded within other 
applications, when the queried resource is a filtered property map. This media type indicates 
the data format used by the ALTO client to supply the property map filtering parameters. 


Fragment identifier considerations: 
n/a 


Additional information: 
Magic number(s): n/a 
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File extension(s): n/a 
Macintosh file type code(s): n/a 


Person & email address to contact for further information: 
See Authors' Addresses section. 


Intended usage: 
COMMON 


Restrictions on usage: 
n/a 


Author: 
See Authors' Addresses section. 


Change controller: 
Internet Engineering Task Force (iesg@ietf.org). 


12.3. ALTO Entity Domain Types Registry 


IANA has created and will maintain the "ALTO Entity Domain Types" registry listed in Table 9. The 
first row lists information items that must be provided with each registered entity domain type. 
Section 12.3.2 specifies how to document these items and in addition provides guidance on the 
security considerations item that must be documented. 


Identifier Entity Hierarchy and Media Type of Mapping to 
Identifier Inheritance Defining Resource ALTO Address 
Encoding Type 

ipv4 See Section See Section 6.1.3 application/alto- true 
6.1.1 networkmap+json 

ipv6 See Section See Section 6.1.3 application/alto- true 
6.1.2 networkmap+json 

pid See Section 6.2 None application/alto- false 

networkmap+json 


Table 9: ALTO Entity Domain Types 


This registry serves two purposes. First, it ensures uniqueness of identifiers referring to ALTO 
entity domain types. Second, it states the requirements for allocated entity domain types. 


As specified in Section 5.1.1, identifiers prefixed with "priv:" are reserved for Private Use without a 
need to register with IANA 
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12.3.1. Consistency Procedure between ALTO Address Types Registry and ALTO Entity 
Domain Types Registry 


One potential issue of introducing the "ALTO Entity Domain Types" registry is its relationship with 
the "ALTO Address Types" registry already defined in Section 14.4 of [RFC7285]. In particular, the 
entity identifier of a type of an entity domain registered in the "ALTO Entity Domain Types" 
registry MAY match an address type defined in "ALTO Address Types" registry. It is necessary to 
precisely define and guarantee the consistency between "ALTO Address Types" registry and "ALTO 
Entity Domain Types" registry. 


We define that the "ALTO Entity Domain Types" registry is consistent with "ALTO Address Types" 
registry if two conditions are satisfied: 


e When an address type is already registered or is able to be registered in the "ALTO Address 
Types" registry [RFC7285], the same identifier MUST be used when a corresponding entity 
domain type is registered in the "ALTO Entity Domain Types" registry. 

e If an ALTO entity domain type has the same identifier as an ALTO address type, their address 
encodings MUST be compatible. 


To achieve this consistency, the following items MUST be checked before registering a new ALTO 
entity domain type in a future document: 


e Whether the "ALTO Address Types" registry contains an address type that can be used as an 
identifier for the candidate entity domain type identifier. This has been done for the 
identifiers "ipv4" and "ipv6" of Table 9. 


e Whether the candidate entity domain type identifier can potentially be an endpoint address 
type, as defined in Sections 2.1 and 2.2 of [RFC7285]. 


When a new ALTO entity domain type is registered, the consistency with the "ALTO Address 
Types" registry MUST be ensured by the following procedure: 


° Test: Do corresponding entity domain type identifiers match a known "network" address 
type? 
° If yes (e.g., cell, MAC, or socket addresses): 
m Test: Is such an address type present in the "ALTO Address Types" registry? 
m If yes: Set the new ALTO entity domain type identifier to be the found ALTO address 
type identifier. 


m If no: Define a new ALTO entity domain type identifier and use it to register a new 
address type in the "ALTO Address Types" registry following Section 14.4 of [RFC7285]. 


m Use the new ALTO entity domain type identifier to register a new ALTO entity domain 
type in the "ALTO Entity Domain Types" registry following Section 12.3.2 of this 
document. 


° If no (e.g., PID name, ANE name, or "countrycode"): Proceed with the ALTO Entity Domain 
Type registration as described in Section 12.3.2. 
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12.3.2. ALTO Entity Domain Type Registration Process 


New ALTO entity domain types are assigned after IETF Review [RFC8126] to ensure that proper 
documentation regarding the new ALTO entity domain types and their security considerations 
has been provided. RFCs defining new entity domain types MUST indicate how an entity ina 
registered type of domain is encoded as an EntityID and, if applicable, provide the rules for 
defining the entity hierarchy and property inheritance. Updates and deletions of ALTO entity 
domains types follow the same procedure. 


Registered ALTO entity domain type identifiers MUST conform to the syntactical requirements 
specified in Section 5.1.2. Identifiers are to be recorded and displayed as strings. 


Requests to IANA to adda newvalue to the "ALTO Entity Domain Types" registry MUST include the 
following information: 


Identifier: The name of the desired ALTO entity domain type. 


Entity Identifier Encoding: The procedure for encoding the identifier of an entity of the 
registered domain type as an EntityID (see Section 5.1.3). If corresponding entity identifiers of 
an entity domain type matcha known "network" address type, the Entity Identifier Encoding 
of this domain identifier MUST include both Address Encoding and Prefix Encoding of the 
same identifier registered in the "ALTO Address Types" registry [RFC7285]. To define properties, 
an individual entity identifier and the corresponding full-length prefix MUST be considered 
aliases for the same entity. 


Hierarchy: Ifthe entities form a hierarchy, the procedure for determining that hierarchy. 


Inheritance: If entities can inherit property values from other entities, the procedure for 
determining that inheritance. 


Media type of defining information resource: Some entity domain types allow an entity 
domain name to be combined with an information resource name to define a resource- 
specific entity domain. Such an information resource is called a "defining information 
resource" and is defined in Section 4.6. For each entity domain type, the potential defining 
information resources have one common media type. This unique common media type is 
specific to the entity domain type and MUST be specified. 


Mapping to ALTO Address Type: A boolean value to indicate if the entity domain type can be 
mapped to the ALTO address type with the same identifier. 


Security Considerations: In some usage scenarios, entity identifiers carried in ALTO Protocol 
messages may reveal information about an ALTO client or an ALTO service provider. 
Applications and ALTO service providers using addresses of the registered type should be 
cognizant of how (or if) the addressing scheme relates to private information and network 
proximity. 


IANA has registered the identifiers "ipv4", "ipv6", and "pid", as shown in Table 9. 
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12.4. ALTO Entity Property Types Registry 


IANA has created and will maintain the "ALTO Entity Property Types" registry, which is listed in 
Table 10. 


This registry extends the "ALTO Endpoint Property Types" registry, defined in [RFC7285], in that a 
property type is defined for one or more entity domains, rather than just for IPv4 and IPv6 
Internet address domains. An entry in this registry is an ALTO entity property type defined in 
Section 5.2.1. Thus, a registered ALTO entity property type identifier MUST conform to the 
syntactical requirements specified in that section. 


As specified in Section 5.2.1, identifiers prefixed with "priv:" are reserved for Private Use without a 
need to register with IANA. 


The first row of Table 10 lists information items that must be provided with each registered entity 
property type. 


Identifier Intended Semantics Media Type of Defining Resource 


pid See Section 7.1.1 of [RFC7285] application/alto-networkmap+json 
Table 10: ALTO Entity Property Types 


New ALTO entity property types are assigned after IETF Review [RFC8126] to ensure that proper 
documentation regarding the new ALTO entity property types and their security considerations 
has been provided. RFCs defining new entity property types SHOULD indicate how a property of a 
registered type is encoded as a property name. Updates and deletions of ALTO entity property 
types follow the same procedure. 


Requests to IANA to add a new value to the registry MUST include the following information: 


Identifier: The identifier for the desired ALTO entity property type. The format MUST be as 
defined in Section 5.2.1 of this document. 


Intended Semantics: ALTO entity properties carry with them semantics to guide their usage by 
ALTO clients. Hence, a document defining a new type SHOULD provide guidance to both ALTO 
service providers and applications utilizing ALTO clients as to how values of the registered 
ALTO entity property should be interpreted. 


Media type of defining information resource: when the property type allows values to be 
defined relative to a given information resource, the latter is referred to as the "defining 
information resource’; see the description in Section 4.7. For each property type, the potential 
defining information resources have one common media type. This unique common media 
type is specific to the property type and MUST be specified. 
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Security Considerations: ALTO entity properties expose information to ALTO clients. ALTO 
service providers should be cognizant of the security ramifications related to the exposure of 
an entity property. 


In security considerations, the request should also discuss the sensitivity of the information and 
why it is required for ALTO-based operations. Regarding this discussion, the request SHOULD 
follow the recommendations of the "ALTO Endpoint Property Types" registry in Section 14.3 of 


[RFC7285]. 


IANA has registered the identifier "pid", which is listed in Table 10. Semantics for this property are 
documented in Section 7.1.1 of [RFC7285]. No security issues related to the exposure of a "pid" 
identifier are considered, as it is exposed with the Network Map Service defined and mandated in 


[RFC7285]. 
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Appendix A. Features Introduced with the Entity Property 
Maps Extension 


The entity property maps extension described in this document introduces a number of features 
that are summarized in table below. The first column provides the name of the feature. The 
second column provides the section number of this document that gives a high-level description 
of the feature. The third column provides the section number of this document that gives a 
normative description relating to the feature, when applicable. 


Feature High-Level Related Normative 
Description Description 

Entity Section 3.1 Section 5.1.3 

Entity domain Section 3.2 

Entity domain type Section 3.2.1 Section 5.1.1 

Entity domain name Section 3.2.2 Section 5.1.2 

Entity property type Section 3.3 Sections 5.2, 5.2.1, 5.2.2, and 

5:2:3 

Entity property map Section 3.4 Sections 7 and 8 

Resource-specific entity domain Section 4.2 Sections 5.1.2 and 5.1.2.1 

name 

Resource-specific entity property Section 4.3 Section 5.2.3 

value 

Entity Hierarchy and property Section 4.4 Section 5.1.4 

inheritance 

Defining information resource Sections 4.6 and 4.7 Sections 12.3.2 and 12.4 


Table 11: Features Introduced with ALTO Entity Property Maps 
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